ISO/IEC 38500:2015, IT Governance, Governance, Risk & Compliance

ISO/IEC 38500 - IT Governance

ISO/IEC 38500:2015 - IT Governance provides guidance for the members of organizational governance bodies such as owners, directors and partners etc. It helps organizational bodies to understand the effective and efficient usage of information technology to achieve goals and overall improvement in business processes. IT Governance also guides advisory, informative and assisting bodies which are as follows:

  • Executive Managers
  • Members of resource utilization monitoring committee
  • Legal and accounting experts
  • Retail and industrial associations
  • External or internal technical experts and professional bodies.
  • External or internal consultants.
  • External or internal auditors.

ISO/IEC 38500:2015 helps organizations in governing the current and future usage of Information Technology such as management processes, decision making etc. IT specialists control these processes not only in the organization but also as outsourced service providers.

Principles of ISO/IEC 38500:2015 IT Governance

  • IT establishes responsibilities.
  • Best planning for the overall support of the organization.
  • Ensures optimal performance levels
  • Ensures safety, privacy and conformance according to rules and regulations

IT Governance Standard was derived form Australian Standard - AS 8015. In 2007, it was published under the name of "ISO/IEC 29382, Corporate Governance of Information and Communication Technology." However, in 2008, it was renamed to "ISO/IEC 38500 - IT Governance"